Diffstat (limited to 'main/webkit/cve-2010-2651.patch')
-rw-r--r-- | main/webkit/cve-2010-2651.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/main/webkit/cve-2010-2651.patch b/main/webkit/cve-2010-2651.patch
new file mode 100644
index 0000000000..09fe1f8c46
--- /dev/null
+++ b/main/webkit/cve-2010-2651.patch
@@ -0,0 +1,38 @@
+description: fix cve-2010-2651
+author: Michael Gilbert <michael.s.gilbert@gmail.com>
+origin: http://trac.webkit.org/changeset/59247
+Index: webkit-1.2.4/WebCore/rendering/RenderBlock.cpp
+===================================================================
+--- webkit-1.2.4.orig/WebCore/rendering/RenderBlock.cpp 2010-09-03 15:18:07.000000000 -0400
++++ webkit-1.2.4/WebCore/rendering/RenderBlock.cpp 2010-09-06 21:50:51.000000000 -0400
+@@ -4651,10 +4651,12 @@
+
+ // Drill into inlines looking for our first text child.
+ RenderObject* currChild = firstLetterBlock->firstChild();
+- while (currChild && currChild->needsLayout() && ((!currChild->isReplaced() && !currChild->isRenderButton() && !currChild->isMenuList()) || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
++ while (currChild && ((!currChild->isReplaced() && !currChild->isRenderButton() && !currChild->isMenuList()) || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
+ if (currChild->isFloatingOrPositioned()) {
+- if (currChild->style()->styleType() == FIRST_LETTER)
++ if (currChild->style()->styleType() == FIRST_LETTER) {
++ currChild = currChild->firstChild();
+ break;
++ }
+ currChild = currChild->nextSibling();
+ } else
+ currChild = currChild->firstChild();
+@@ -4671,11 +4673,11 @@
+
+ // If the child already has style, then it has already been created, so we just want
+ // to update it.
+- if (currChild->style()->styleType() == FIRST_LETTER) {
++ if (firstLetterContainer->style()->styleType() == FIRST_LETTER) {
+ RenderStyle* pseudo = firstLetterBlock->getCachedPseudoStyle(FIRST_LETTER,
+- firstLetterContainer->firstLineStyle());
+- currChild->setStyle(pseudo);
+- for (RenderObject* genChild = currChild->firstChild(); genChild; genChild = genChild->nextSibling()) {
++ firstLetterContainer->parent()->firstLineStyle());
++ firstLetterContainer->setStyle(pseudo);
++ for (RenderObject* genChild = firstLetterContainer->firstChild(); genChild; genChild = genChild->nextSibling()) {
+ if (genChild->isText())
+ genChild->setStyle(pseudo);
+ } |
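Review bot: Two pointer dereferences in the backported RenderBlock.cpp code depend on guards that are not visible in either inner hunk. In the first hunk, the new `currChild = currChild->firstChild(); break;` leaves `currChild` null when the FIRST_LETTER float has no children. In the second hunk, `firstLetterContainer->parent()->firstLineStyle()` calls through `parent()` unchecked. The definition of `firstLetterContainer` and any `if (!currChild) return;` sit between the two hunks, so confirm in the webkit-1.2.4 tree that such a guard runs before `currChild->parent()` is taken. Since this is a memory-safety fix carried as a distro patch, also compare the applied result with the upstream changeset named in `origin:`, to make sure the 1.2.4 context did not shift a guard out from under the new lines.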